Introduction

The security of data has become a recurrent topic in computer science. I think all software developers in their careers have to study that topic. I always keep informed about that, and I apply various kind of algorithms into the several applications customers ask me to develop.

One of the algorithms I frequently use is the RC4.

RC4 is a stream cipher symmetric key algorithm. It was developed in 1987 by Ronald Rivest and kept as a trade secret by RSA Data Security. On September 9, 1994, the RC4 algorithm was anonymously posted on the Internet on the Cyperpunks’ “anonymous remailers” list.

RC4 uses a variable length key from 1 to 256 bytes to initialize a 256-byte state table. The state table is used for subsequent generation of pseudo-random bytes and then to generate a pseudo-random stream which is XOR-ed with the plaintext to give the cipher text. Each element in the state table is swapped at least once.

The RC4 key is often limited to 40 bits, because of export restrictions but it is sometimes used as a 128 bit key. It has the capability of using keys between 1 and 2048 bits. RC4 is used in many commercial software packages such as Lotus Notes and Oracle Secure SQL. It is also part of the Cellular Specification.

I’ve noticed that nobody provided a C# version of RC4 algorithm, so I’ve done it.

Algorithm description

The RC4 algorithm works in two phases:

key setup

ciphering.

Key setup

Key setup is the first and most difficult phase of this algorithm. During a N-bit key setup (N being your key length), the encryption key is used to generate an encrypting variable using two arrays, state and key, and N-number of mixing operations. These mixing operations consist of swapping bytes, modulo operations, and other formulae.

In the attached project you can see how I do it in the EncryptionKey set property of RC4Engine class.

Chiphering phase

Once the encrypting variable is produced from the key setup, it enters the ciphering phase, where it is XOR-ed with the plain text message to create an encrypted message. XOR is the logical operation of comparing two binary bits. If the bits are different, the result is 1. If the bits are the same, the result is 0. Once the receiver gets the encrypted message, he decrypts it by XOR-ing the encrypted message with the same encrypting variable.

In the attached project you can see how I do it in the RC4Engine class:

Encrypt: encript method

Decrypt: decript method

I want to remark that the cripted message comes decrypted using the algorithm used in the encryption phase.

How does the application work?

The front-end layout is the following:

You can:

Enter in In Clear Text Box, a text that has maximum 32767 characters

Click the Encrypt button that appears after you have filled the In Clear Text Box.

To verify the Crypted Text Box you can click the Decrypt button that appears at the end of the encryption process.

You can also modify the encryption key but make sure to use it for both encrypting and decrypting the text.

License

This article has no explicit license attached to it but may contain usage terms in the article text or the download files themselves. If in doubt please contact the author via the discussion board below.